Analysis

  • max time kernel
    119s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-05-2024 08:09

General

  • Target

    RJ01082861-PC/www/audio/bgm/BGM_Junai3_Gazania.rpgmvo

  • Size

    6.2MB

  • MD5

    6fe07a8e662d0ede1c7095e1bb7555be

  • SHA1

    703eab485a0c2b79755cb947a5923f15fafedfb7

  • SHA256

    e0f2a6d8f1a759f58b3e780ce4193aee019fdcbbfc8ba42e9059a16711958a37

  • SHA512

    5ad00f90f7471d563e86fdfc6012225410c03e106f33e59806010ff89902442b9b6afed8a95c3130f0a311e1ee9c7cc62b48a5e84ed52ccb325da3255b47575f

  • SSDEEP

    98304:9EASN16LsS3eZaw2VRCiqIlKG+CgeunMCC+y8kIfQqVumCfkjUBMVhKtzOIf4Q5R:9UrS3DCiqI1pskIfcTcjKxtTf4Q5r9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\www\audio\bgm\BGM_Junai3_Gazania.rpgmvo
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\www\audio\bgm\BGM_Junai3_Gazania.rpgmvo
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\www\audio\bgm\BGM_Junai3_Gazania.rpgmvo"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2620

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    fb4aaf4fa7d7320d6307edb406bd108a

    SHA1

    c3576b7c408230cc03f653f602c0e9af971f2d43

    SHA256

    c55ac3a8a4ecaa830962cffd67a8cde453f91e33a14412f2689b8d54618e4fbe

    SHA512

    3ecb58908b03326df3175117162d7f1dcad2da50514e6512e4a0c7a4329a0a3b2516e4c80d0a72fea57427971fff5763de745c549e81ada1b69973f16efa98f2